Use Appropriately Sized Keys

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Choosing a key size represents a trade-off between performance and security. If you choose a key that is too small, the data that you thought was well protected can be vulnerable to attack. If you choose a key that is too large, your system will be subject to a performance impact without a commensurate real-world improvement in security. The appropriate key size changes based on the cryptographic algorithm in use, and also changes over time as machine processing speeds increase and attack techniques become more sophisticated.

The following recommendations will give you a margin of safety without sacrificing too much performance:
  • When you use an asymmetric algorithm (RSA), choose a 2048-bit key
  • When you use a symmetric algorithm (AES), choose a 128-bit key

Last edited Jun 13, 2008 at 12:37 AM by prashantbansode, version 1


No comments yet.